Google Chrome Rolls Out Emergency Patch for 6th Zero-Day Exploit of 2024

May 14, 2024

Google has released emergency security patches for its Chrome browser to fix a high-severity zero-day vulnerability, CVE-2024-4761, which has been exploited in attacks. The patch arrived just three days after Google's response to another Chrome zero-day, CVE-2024-4671, which resulted from a 'use-after-free' weakness in the Visuals component.

The most recent flaw, CVE-2024-4761, is an 'out-of-bounds write' problem that affects Chrome’s V8 JavaScript engine, which executes JavaScript code in the browser. An 'out-of-bounds write' issue arises when a program is able to write data past the end, or before the start, of the intended array or buffer, potentially leading to unauthorized data access, arbitrary code execution, or program crashes. Google's advisory stated, “Google is aware that an exploit for CVE-2024-4761 exists in the wild”.

Google addressed this security issue with the release of versions 124.0.6367.207/.208 for Mac/Windows and 124.0.6367.207 for Linux. These updates will be gradually rolled out to all users in the coming days or weeks. For 'Extended Stable' channel users, the fixes will be available in version 124.0.6367.207 for Mac and Windows. Chrome updates automatically when a security patch is available. Users can confirm they are running the most recent version by navigating to Settings > About Chrome, allowing the update to complete, and then clicking the 'Relaunch' button to apply it.
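Because the rollout is gradual, administrators may want to check a fleet against the fixed builds rather than wait for auto-update. The following is an added example, not part of the original article or Google's advisory: it audits an inventory of Chrome version strings against the builds named above. The hostnames and CSV layout are constructed, and treating any numerically higher build as patched is an assumption.

```python
import re

# Fixed builds as stated in the article. Mac/Windows also ship .208,
# so .207 is the lowest fixed build on every platform.
FIXED = {
    "windows": (124, 0, 6367, 207),
    "mac": (124, 0, 6367, 207),
    "linux": (124, 0, 6367, 207),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part version from text such as
    'Google Chrome 124.0.6367.201'; return None if there is none."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one record."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unsupported platform or unreadable version
    # Compare as integer tuples: as strings, '...6367.99' sorts after
    # '...6367.207' and an unpatched host would be reported as fixed.
    # Assumption: any build numerically >= the fixed build has the fix.
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map host -> status for lines of 'host,platform,version text'."""
    report = {}
    for line in inventory_csv.strip().splitlines():
        host, platform, version_text = [f.strip() for f in line.split(",", 2)]
        report[host] = classify(platform, version_text)
    return report

# Constructed sample inventory (not real hosts).
SAMPLE = """
ws-001,windows,Google Chrome 124.0.6367.208
ws-002,windows,124.0.6367.99
mac-003,mac,Google Chrome 124.0.6367.201
lnx-004,linux,Google Chrome 124.0.6367.207
lnx-005,linux,google-chrome: command not found
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need manual follow-up, since a missing or unparsable version says nothing about patch state.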

This latest vulnerability in Google Chrome marks the sixth zero-day bug found and rectified in the popular web browser since the beginning of the year. Google has acknowledged that an anonymous researcher reported the flaw on May 9, 2024, but no additional details have been disclosed at this point. Google stated, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”. The zero-day vulnerabilities fixed in Chrome in 2024 so far include:
